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ABSTRACT 



The operating and other procedures of an optical disk 
application system of the type for which a network is used 
are simplified. Optical disks have auxiliary data recording 
areas, where different IDs for individual disks, and/or cipher 
keys and/or decoding keys for ciphers are recorded in 
advance in a factory. By using the IDs to release the soft 
ciphers, using the cipher keys when sending the ciphers, and 
using the decoding keys when receiving the ciphers, user 
authorization procedures are simplified. 
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OPTICAL DISK, OPTICAL RECORDER, 

OPTICAL REPRODUCER, 
CRYTOCOMMUNICATION SYSTEM AND 
PROGRAM LICENSE SYSTEM 

TECHNICAL FIELD 

The present invention relates to an optical disk, an optical 
disk system and a cryptocommunication method. 

BACKGROUND 

In recent years, with the increased use of networks such 
as the Internet and optical CD ROM disks, network soft key 
distribution for optical ROM disks has increased. Also, 
electronic commercial transactions have increased. 

Soft key electronic distribution systems for CD-ROM 
media have been used. In conventional systems, it is known 
to give passwords and decipher the enciphered soft ciphers 
recorded on the CD-ROMs in advance. When CD-ROMs are 
used, however, it is not possible additionally to record on the 
disks, so that it is not possible to individually set IDs for 
respective disks. Therefore, one password would release the 
ciphers of all the disks manufactured from the same original 
disk. For this reason, when CD-ROMs are used, it is 
necessary to install the disks' IDs on the hard disks of 
personal computers, or mail to users IDs prepared centrally. 

In electronic distribution systems with conventional opti- 
cal disks and/or optical disk systems, there is a need to 
provide the disks and/or systems with IDs and/or cipher 
keys. It is an object of the present invention to simply 
provide IDs and cipher keys for ROM disks in electronic 
distribution systems. 

SUMMARY OF THE INVENTION 

To achieve the objects of the present invention, the pit 
portions of optical disks are provided with an additional 
recording area or Burst Cutting Area (hereinafter abbrevi- 
ated as BCA) overwritten with a bar code and, when the 
disks are manufactured, IDs differing for each disk and, 
according to the need, cipher keys for communication and 
decoding keys for decoding key cipher texts for 
communication, are recorded individually in the BCA areas. 
As a result, when the disks have been distributed to users, 
the user ID numbers, the cipher keys for transmission for 
communication, and the decoding keys for reception are 
distributed automatically to the users. It is therefore possible 
to omit some of the procedures that complicate conventional 
systems. Also, cryptocommunication and the identification 
of disks are made possible at the same time. 

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 is a flow chart of an optical disk according to an 
embodiment of the present invention. 

FIGS. 2a-c are cross sections and results of trimming 
with a pulse laser according to an embodiment of the 
invention. 

FIGS. 3a-g show the signal reproduction waveforms at a 
trimming portion according to an embodiment of the inven- 
tion. 

FIG. 4 is a block diagram of a reproducer according to an 
embodiment of the invention. 

FIG. Sa shows the waveform of a reproduced signal at a 
BCA part according to the invention. FIG. 56 shows dimen- 
sional relationships of a BCA part according to the inven- 
tion. 
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FIG. 6 shows a method of cryptocommunication and a 
cipher key method by means of a password according to an 
embodiment of the present invention. 

FIGS, la-c show the format of a BCA according to the 
5 invention, 

FIG. 8 shows a method of cryptocommunication and a 
method of unlocking a cipher with a password according to 
an embodiment of the invention. 
10 FIG. 9 shows a procedure for operation of a disk, the 
content part of which may have been licensed, according to 
an embodiment of the invention. 

FIG. 10 is a block diagram of an example wherein a BCA 
has been recorded in a RAM disk according to an erabodi- 
15 ment of the present invention. 

FIG. 11 is a block diagram of a method or system for 
prevention of unauthorized copying according to an embodi- 
ment of the invention. 

FIG. 12 is a flow chart depicting preventing unauthorized 
20 copying according to an embodiment of the invention. 

FIG, 13a is a plan view and FIG. 136 is a cross section of 
an optical disk, on the BCA of which an article or commod- 
ity bar code has been printed, according to an embodiment 
of the invention. FIG. 13c shows a method or producing an 
25 optical disk according to an embodiment of the invention. 
FIG. 14 is a block diagram of a POS settlement system 
with a ROM disk having a BCA and a POS terminal 
according to an embodiment of the invention. 
30 FIG. 15 is a flow chart of cipher release in and between 
a press company, a software company and a selling store, 
according to an embodiment of the present invention. 

FIGS. 16 and 17 are flow charts (Parts 1 and 2, 
respectively) of steps of enciphering and decoding cipher 
35 data with a disk ID and/or the like according to an embodi- 
ment of the invention. 

FIGS. 18, 19 and 20 are flow charts (Parts 1, 2 and 3, 
respectively) of communication cipher key distribution and 
cryptocommunication with a BCA according to an embodi- 
40 ment of the invention. 

FIGS. 21, 22 and 23 are flow charts (Parts 1, 2 and 3, 
respectively) of an electronic settlement system with a BCA 
according to an embodiment of the present invention. 
4S FIG. 24 is a block diagram of a method of recording and 
reproducing for recording limitation to one RAM disk with 
a BCA according to an embodiment of the invention. 

At the end of this specification is appended a list identi- 
fying items corresponding to the reference numerals used in 
50 the aforementioned drawings, that listing being in consecu- 
tive numerical order of the reference numerals. 

DETAILED DESCRIPTION OF THE 
INVENTION 

55 The present invention will be described on the basis of a 
number of embodiments. Herein, an additional recording 
area using the BCA system is referred to as a *BCA area', 
and data recorded in a BCA is referred to as 'BCA data'. In 
addition, first identification data is referred to as 'ID* or 'disk 

60 ID\ 

FIG. 1 shows a typical process for producing a disk with 
a BCA. The first cipher key 802, such as a public key, is used 
by "a cipher encoder or scrambler 803 to encipher contents 
777 into the first cipher 805. An 8-16 modulator 917, such 
65 as a mastering unit, modulates the first cipher 805. A laser 
records the modulated signal as pits in the first recording 
area 919 of an original disk 800. A molding machine 808a 
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uses the original disk 800 to mold disk-like transparent 
substrates (not shown). A reflecting film making machine 
8086 forms reflecting Al films, and makes single-sided disks 
809a and 8096 which are each 0.6 millimeter thick. A 
bonding machine 808c laminates these disks together to 5 
make a completed disk 809. A trimming unit 807 modulates 
the disk ID 921, the first cipher decoding key 922, or the 
second cipher key 923 for Internet communication in the 
second recording area 920 of the completed disk 809, with 
a Phase Encoding-Return to Zero (PE-RZ) modulator 807a, 10 
which combines PE modulation and RZ modulation. A pulse 
laser 8076 effects BCA trimming to make a disk 801 with a 
6CA. Because laminated disks are used, it is not possible to 
alter the BCA inside, and thus the completed disk can be 
used for security. 15 

A BCA will next be explained briefly. 

As shown in FIG. 2a, a pulse laser 808 trims the reflecting 
aluminum films of the two-layer disk 801 in a BCA to record 
a slripe-like low reflection part 810 on the basis of a PE 
modulating signal As shown in FIG, 26, BCA stripes are 20 
formed on the disk. If the stripes are reproduced by a 
conventional optical head, the BCA has no reflecting signal. 
Therefore, as shown in FIG. 2c, gaps 810a, 8106 and 810c 
are produced, where the modulating signal is missing. The 
modulating signal is sliced at the first slice level 915. But, 25 
the gaps 810a-c have a low signal level, and can therefore 
be sliced easily at the second slice level 916. As shown with 
the recorded and reproduced waveforms in FIGS. 3a-3g, it 
is possible to reproduce the formed bar codes 923a and 9236 
by level-slicing them at the second slice level 916 by a 30 
conventional optical pickup as shown in FIG. 3e. As shown 
in FIG. 3/, the waveforms of the codes are shaped by a LPF 
filter so as to PE-RZ decode the codes. As shown in FIG. 3g, 
a digital signal is output. 

With reference to FIG, 4, the decoding operation will be 35 
explained. A disk 801 with a BCA includes two transparent 
substrates, which are laminated with a recording layer 801a 
between them. The recording layer may either be a single 
layer 801a or include two recording layers 800a and 8006. 
If there are two layers, a BCA flag 922 is recorded in the 40 
control data of the first recording layer 800a, which is 
adjacent to the optical head 6. The flag 922 indicates whether 
a BCA is recorded or not. Because a BCA is recorded in the 
second layer 8006, the first recording layer 800a is focused 
on first, and the optical head 6 is moved to the radial position 45 
of the control data 924 in the innermost edge of the second 
recording area 919. The control data is main data, and has 
therefore been Eight to Fourteen Modulation (EFM) 8-15 or 
8-16 modulated. Only when the BCA flag 922 in the control 
data is '1', a single/double layer switching part 827 focuses 50 
on the second recording layer 8006 to reproduce the BCA. 
If the signal is sliced by a level slicer 590 at the general first 
slice level 915 as shown in FIG. 2c, it is converted into a 
digital signal. This signal is demodulated in the first 
demodulation part by an EFM demodulator 925, an 8-15 55 
modulator-demodulator 926 or an 8-16 modulator- 
demodulator 927. An ECC decoder 36 corrects errors, if any, 
and outputs main data. The control data in the main data is 
reproduced and only if the BCA flag 922 is 1 is the BCA 
read. When the BCA flag 922 is 1, a CPU 923 orders the 60 
single/double layer switching part 827 to drive a focus 
adjustment part 828, switching the focus from the first 
recording layer 800a to the second recording layer 8006. At 
the same time, the optical head 6 is moved to the radial 
position of the second recording area 920, that is, for the 65 
DVD standard, the BCA is recorded between 22.3 and 23.5 
mm from the inner edge of the control data. Then the BCA 



4 

is read. Reproduced in the BCA area is a signal with a 
partially missing envelope as shown in FIG. 2c. By setting 
in the second level slicer 929 the second slice level 916 of 
which the quantity of light is smaller than that of the first 
slice level 915, it is possible to detect the missing parts of the 
reflecting portion of the BCA, and a digital signal is output. 
This signal is PE-RZ demodulated by the second demodu- 
lation part 930, and ECC decoded by an ECC decoder 9306 
so as to output BCA data, which is auxiliary data. Thus, the 
first demodulator 928, operative according to, 8-16 modu- 
lation demodulates and reproduces the main data, while the 
second demodulation part 930 operative according to PE-RZ 
modulation demodulates and reproduces the auxiliary data, 
that is, the BCA data. 

FIG. 5a shows the reproduced waveform before passage 
through a filter 943. FIG. 56 shows the working size 
accuracy (precision) of the slits of the low reflecting portion 
810. It is difficult to make the slit width less than 5 mm. In 
addition, if the data is not recorded inward radially from 23.5 
mm, it will not be properly reproduced. Therefore, for a 
DVD, because of the limitations of the shortest recording 
cycle of 30 mm and the maximum radius of 23.5 mm, the 
maximum capacity after formatting is limited to 188 bytes or 
less, 

The modulating signal is recorded as pits by the 8-16 
modulation mode, and a high frequency signal such as the 
high frequency signal part 933 in FIG. 5a is obtained. 
However, the BCA signal is a low frequency signal like low 
frequency signal part 932. Thus, if the main data complies 
with the DVD standard, it is a high frequency signal 932 
which is about 4.5 MHz or less, shown in FIG. 5a, and the 
auxiliary data is a low frequency signal 933 which is 8.92 ms 
in period, that is, about 100 kHz. It is therefore relatively 
simple to frequency-separate the auxiliary data with a LPF 
943. A frequency-separating method 934 as shown in FIG. 
4, including the LPF 943 can easily separate the two signals. 
In this case, the LPF 943, may be simple in structure. 

The foregoing is an outline of the BCA. 

With reference to FIG. 6, the overall system of a cipher 
software unlatching system, narrowed down to the opera- 
tions of password issue, cryptocommunication, and orderer 
certification, will be described. The steps in a press factory 
are nearly the same as in FIG. 1, so the original disk 800 and 
the completed disk 809 are not shown. 

In a press factory 811, a cipher encoder 812 enciphers the 
data in the plaintexts 810 of the first to the '1- m'th contents 
or scrambles the picture signals therein with the first to ( 1- 
m*th cipher keys 813, respectively. The data or the signals 
are then recorded on an original optical disk 800. Disk-like 
substrates 809 are pressed from the original disk 800. After 
a reflecting film is formed on each substrate 809, the two 
disk-like substrates are laminated together. Thereafter a 
completed disk 809 is made. Recorded in the BCA areas 814 
of completed disks 809 are different IDs 815 and/or first 
cipher keys 816 (public keys) and/or second cipher keys 817 
(public keys) and second computer connection addresses 
818 so as to make disks 801 each with a BCA. The disks 801 
are distributed to users. 

The contents of these disks have been enciphered. 
Therefore, in order to reproduce the contents of each of the 
disks, it is necessary to get a password from a password issue 
center, an electronic shop or a mall, by paying a charge. That 
procedure will be described next. 

In a user's first computer 909, if a reproducer 819 
reproduces a distributed disk 801 with a BCA, a BCA 
reproduction part 820 including a PE-RZ demodulation part 
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reproduces the data of the ID 815, first cipher key 816, the second cipher key 817 of the public key cipher repro- 

second cipher key 817 and/or connection address 818, In duced by the BCA reproduction part 820, the second cipher 

order to get a password, the connection address 818 of the encoder 831 ciphers the accounting data 830 such as an 

second computer 821a, which is the server of a password individual's credit card number with a public key system 

issue center 821, is accessed through a communication part 5 cipher such as RSA. The enciphered data is sent from the 

822 via the Internet or another network 823, and the ID is communication part 822 through the second computer 821 

transmitted to the second computer 821a. to the cipher decoder 832 of the third computer 828. In this 

Here, the cryptocommunication procedure will be case, if there is a need for digital signature, the secret key 

described. The second computer 821a receives the ID 815 829 is used as the second cipher key 817. 

from the user's reproducer 819. Then, the second computer 10 Similar to the procedure for the cipher key of the second 

or server 821a of the password issue center 821, which is computer 821a of the password issue center 821, it is 

called a 'mall 1 or an 'electronic shop* has a cipher key possible to search the cipher key database 824a for the 

database 824. This database contains a table of the secret second decoding key 829 corresponding to the ID or the 

keys which are the decoding keys corresponding to the second cipher key 817. By using this decoding key 829, the 

disks' own IDs or the first cipher keys 816 of the IDs, that 1 5 second cipher decoder 832 can decode the enciphered 

is the first decoding keys 825 and the IDs. The server can accounting data, 

therefore search for the first decoding key 825 based on the If a digital signature is made by the second cipher encoder 

received ID. Thus cryptocommunication is completed from 331 the secret key 829, the user's signature can be 

the first computer to the second computer 821a. In this case, confirmed in the second cipher decoder 832. The accounting 

if the first cipher key and first decoding key are common 20 center 828 ^ thus get the user > s credit card Dum ber, bank 

keys of a common key cipher, not of an public key cipher, carc j number, bank password, or other accounting data safely 

they are the same key. even v f a me Internet. In open networks such as the Internet, 

If the user wants to use part of the enciphered contents security comes into question. By means of this system, 

stored on the disk 801, which may be 1,000 in number, for however, it is possible to make cryptocommunication or 

example, the content number 826 of which is 'n', the user 25 certification without fault, because the cipher key (public 

sends to the second computer 821a the cipher which is the key) for cryptocommunication or the secret key for digital 

content number 826, that is, 'n' enciphered with the public signature has been recorded in the BCA. It is therefore 

key which is the first cipher key 816 by the first cipher possible to prevent third parties' unauthorized accounting 

encoder 827 composed of public key cipher functions. The and orders. In addition, because it is possible to use various 

second computer 821a searches for the first decoding key 30 public keys for different disks, that is, different users, the 

825 for decoding this cipher as stated above. It is therefore confidentiality of communication is improved, and the pos- 

possible securely to convert this cipher into plaintext. Thus, sibility of users' accounting data leaking to third parties is 

the cipher protects the privacy of the user's order data. reduced. 

In this case, a signature may be made by means of the ^ Referring back to FIG. 6, the procedure for issuing a 

secret key of the public key cipher as the first cipher key 816. password and the procedure for unlatching with a password 

This method is called 'digital signature'. For a detailed will be explained. The password issue center 821 includes a 

explanation of the operation of 'digital signature', see, for password generation part 834 with an operation expression 

example, 'Digital Signature of E-Mail Security by Bruce of public key ciphers etc. Part 834 is accessed automatically, 

Schneider 1995'. ^ and merely by distributing disks with cipher keys recorded 

Back to the cryptocommunication, the cipher is sent in the BCAs, security is possible for distribution of corn- 
through the communication part 822 and network 823 to the modities by releasing the ciphers of contents, certification 
first cipher decoder 827 of the password issue center 821. and keeping secret purchase of goods, certification and 
Thus the first cipher decoder 827 decodes the cipher by keeping secret when accounts are settled, and the like, 
means of the first pair cipher key 825 pairing with the first 45 Therefore, the method of cryptocommunication of the 
cipher key 816. present invention can, without lowering security, omit and 

In this case, because only the one disk has the public key, rationalize the conventional operations of using IC cards, 

it is possible to reject invalid orders from third parties' disks. floppy disks and/or letters to distribute IDs and/or cipher 

In other words, because each disk can be certified, it is keys to users. This is a great advantage. Furthermore, a 

possible to certify the user who owns the disk. It is thus 50 URL, which is an Internet connection address, is not fixed, 

certified that the content number 'n* represents a particular but changeable. The URL is recorded in the original disk, 

individual's order. It is therefore possible to exclude invalid and may be accessed. It is, however, not efficient from the 

orders of third parties. points of view of time and cost to vary the original disk when 

If the public key 816 is secret, this method can technically a URL cnan 6 e fe made - Bv havin g recorded the changed 

be used to send a credit card number, or other accounting 55 URL in the BCA ' and connectin g the BCA connection 

data which requires high security. Generally shops called address 931 instead of the connection address of the original 

'malls' however, do not settle users' accounting data disk only if the connection address 931 is reproduced from 

electronically, because there is no guarantee of security. the BCA » 11 ™ possible to access the changed address 931 

Only the accounting centers 828 of credit card companies, without preparing a new original disk, 

banks and the like can deal with users' financial data. 60 FIG - 6 shows a case where the first kev of tne P ublic kev 

Presently, security standards such as secure electronic trans- and the second key of the public key have been recorded in 

action (SET) are being unified, so it is probably that Rivest, the BCA. 

Shamir and Adleman (RSA) 1024 bit public key ciphers will FIG. 8 shows two diagrams, in one of which the first 

be used and the encipherment of financial data will be cipher key 816 of the public key and the third decoding key 

possible . 65 817a of the secret key have been recorded in the BCA. In the 

Next, the accounting data cryptocommunication proce- other diagram, a cipher key is produced for cryptocommu- 

dure of the present invention will be shown. First, by using nication. Because the procedure is similar to that of FIG. 6, 
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only different points will be described. First, in a press 837 decodes or descrambles the *1- n'th cipher, outputting 

factory, the first cipher key 816 and third decoding key 817a the plaintext data of the '1- n'th content 838, or a 

are recorded in the BCA. The third decoding key 817a is descrambled picture signal or audio signal, enciphered with 

used to receive the cipher tne public key from an accounting center. In this case, the 

In this case, if the second timing data 835fc of the clock 5 reception security is improved^ 

836b does not coincide with the first timing data 838 of the First ' wBh rc f ere . nce l ° nG 8 '. a mor , e s P? afic exam P le °f 

password, the cipher is not correctly decoded and therefore cryptocommumcaUon where a apher key is generated will 

r 4 j j tc ' j . • i , v , . be descnbed. Because the first cipher key 816 is a public 

not reproduced. If timing data is used it can be applied to {{ fa nec tQ ^ ^ ^ ^ ^ for 

time-hmit type rental systems, so that a movie can be reception in the BCA. But the BCA has a small capacity. In 

reproduced for only three days during a rental period. w ^ pubhc key fleeds processing time Therefore, in 

While FIG. 6 shows the procedure in a block diagram, the FIG. 8, the cipher key generation part 838a of the first 

flowcharts of the procedure will be explained later with computer 836 generates a pair of a cipher key and a 

references to FIGS. 16-23. decoding key for the public key or a common key by means 

Next, the system for the cipher key will be described. By of a random number generator or the like. An example of the 

putting, as shown in FIG. 7a, both the first cipher key 816 common key will be described. A common key K 838 is 

and second cipher key 817 in the BCA, it is possible to enciphered with the first cipher key 816 and first cipher 

provide two securities, for a commodity deal with a shop- encoder ^V 0 the secon J d . computer 821a. The 

ping mall and an account settlement with an 'accounting seco nd computer uses the main decoding key 844 to convert 

center* cipher into plaintext by means of the main cipher 

20 decoder 843, obtaining a common key K 838a. Because both 

In this case, with respect to the security with an account- have the common key k, it is possible to make cryptocom- 

ing center, it is planned to unify standards such as SET, so mU nication from a shop to a user, that is, from the second 

that an RSA 1024, that is 128 byte cipher key, will be stored computer 821a to the first computer 836 by delivering the 

in the second cipher key area 817a. Then, because the BCA common key K to the second cipher encoder 842a and 

has only 188 bytes, only 60 bytes remain for the cipher key 25 second cipher decoder 847a. Naturally, it is also possible to 

for dealing with a shopping mall. An elliptic function system make cryptocommunication from the user to the shop, that 

public key cipher is a cipher function which is 20 bytes in is, from the first computer 836 to the second computer 821a 

magnitude and which has a security level equal to that of 128 by delivering the common key K to the second cipher 

bytes of RSA 1024. encoder 827a and second cipher decoder 845a. The effects 

An elliptic function is used in the first cipher key area 30 of the method of recording in the BCA the first cipher key 

816a of the present invention. An elliptic function can obtain which is a public key and generating a cipher key will be 

20 byte security, which is equivalent to RSA 1024. stated. First, it is necessary only to record the first cipher key, 

Therefore, by using an elliptic function, it is possible to store so that the recording of the decoding key can be omitted, 

both the first cipher key 816 and second cipher key 817 in Therefore, the small capacity of the BCA is not reduced, 

the 188 byte BCA area. 35 Second, because the decoding key is recorded in the BCA, 

By applying a BCA to an optical ROM disk, as stated the security is improved. The common key may be changed 

before, it is possible to record a disk's own ID number, the eacD & mc - 

first and second cipher keys, and a connection address. In Because of the short operation time, the processing time 

this case, if the Internet is used, a mall generates a password is short. In this case, if the cipher key generation part 838a 

in the basis of three data fields, namely, the ID, the content 40 has generated a pair of a cipher key and a decoding key of 

number which the user wants to unlatch, and the time data a public key cipher, not a common key, it is possible to make 

representing the period of use allowed. The generated pass- the security higher than that with the common key, though 

word is sent to the first computer 909. In the simplest the processing time is longer, by cryptically sending the 

structure example, the second computer enciphers with the cipher key to the second computer 821a, using this key as 

public key for the public key cipher the data which is a mix 45 the cipher key of the second cipher encoder 842a, and using 

of the decoding key disk ID for releasing the cipher of the the decoding key as the decoding key of the second cipher 

( 1- n'th content and the timing data, prepares at the password decoder 847. If the performance of the processing CPU is 

generation part 834 the '1- n'th password 834a which is a high, it is preferable that the public key be used. If a new 

mix of secret keys for unlatching the enciphered data, and public key is generated, only the public key for the first 

sends this password 834a to the first computer 909. The first 50 cipher key is recorded in the BCA, so that no problems of 

computer 909 receives the '1- n'th password, and decodes security arise. No capacity of the BCA is consumed either, 

with the secret key the mixed keys of the disk ID, the timing In addition, because it is not necessary to change the cipher 

data and the '1- n'th content. Here, the password operation key, maintenance is easy. 

part 836 checks the ID 835a of the BCA reproduced from the This time, if the common key K 838 is defined at the 
disk, the present second timing data 8356, the allowed ID 55 second computer 821a of the password issue center 821, the 
833a and the first timing data 833, and operates to determine common key is enciphered with the third cipher key 839 by 
if they coincide. If they do coincide, they are allowed. The the third cipher encoder 840, and sent to the personal 
'1- n'th decoding key 836a is output to the cipher decoder computer 836. By using the third decoding key 837 which 
837. The cipher 837a of the ' 1- n'th content is decoded. The is the secret key reproduced from the BCA, the third cipher 
'1- n'th content 838 then is output. The period of output is 60 decoder 841 of the personal computer 836 makes a trans- 
limited to the time during which the first timing data 833 and lation into plaintext to obtain a common key K 8386. In this 
second timing data 8356 coincide. The password operation case, because only this user has the third decoding key 817a 
part 836 of the first computer 909 computes three data fields, which is the secret key, it is possible to prevent the contents 
which are the ID, the password 835 and the timing data from of communication from the center to the user from leaking 
the clock 8366 representing the present time. If the ID and 65 to third parties. The format of this case is shown in FIG. 76. 
timing data are correct, the correct decoding key is output as If an elliptic function is used, the third decoding key 8396 
the result of the computation. Therefore, the cipher decoder may by 20 bytes, and can therefore be stored in the BCA. 
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FIG. 9 shows a system for reducing the costs of preparing 
an original disk by using a BCA in an encipherment disk. 

If there is a number V of, for example, 1,000 plaintext 
contents 850, the cipher encoder 852 enciphers Ihem with 
the first to the 'm'th cipher keys 851, respectively. The 
ciphered first to the 'm'th contents 853, the decoding pro- 
gram 854a for the first to 'm'th contents, and the second 
cipher decoder 861a, which is the program for decoding the 
second cipher, are recorded as pits in an original disk and 
then molded into a substrate, and a reflecting film is formed. 
Thereafter, two substrates are laminated together to com- 
plete an optical disk 801. The second cipher encoder 860 
enciphers the decoding data 854 such as the password for 
unlatching the '1- n'th, for example, the first content, and the 
decoding key. Recorded in advance in the BCA of the first 
disk are the disk's own identification data, that is, the ID 855 
and the second cipher which is the enciphered decoding 
data. Then, in the reproducer, the second cipher is repro- 
duced from the BCA reproduction part 820. The second 
cipher decoder 861 is reproduced from the data reproduction 
part 862, which reproduces the ordinary recorded data other 
than the BCA. Therefore, the second cipher decoder 861 is 
used to decode the second cipher, reproducing the ID 855a 
and '1- n'th password 854a. The cipher decoder 8556 uses 
the decoding program 854a for the '1- n'th content repro- 
duced from the data reproduction part 862, and uses the ID 
855a and password 854a to decode the first cipher, obtaining 
the plaintext 855c of the v l- n'th content and the identifi- 
cation data 855a. For a personal computer, the content and 
ID are recorded on the hard disk 863. This ID 855a checks 
to determine if there is no same ID on a network when the 
program has started, and the ID 855a actuates the network 
protection. It is therefore possible to prevent the software 
from being illegally installed. This is yet another advantage 
of the present invention. For example, if 1,000 enciphered 
contents are stored and decoding data such as a password 
corresponding to a particular software applications are 
recorded on an original disk, this is equivalent in substance 
to the preparation of an optical ROM disk for a particular 
content. It is possible to obtain with one original disk the 
same effect as in the case where original disks for 1,000 
kinds of software are cut. It is therefore possible to reduce 
the costs and time or labor for preparing an original disk. 

Described with reference to FIG. 10 is the procedure for 
enciphering contents with a BCA when recording them on a 
RAM disk. First, the BCA reproduction part 820 reproduces 
the BCA data from the RAM disk 856, outputs an ID 857, 
and sends it through the interfaces 858a and 8586 and the 
network to the encipherment part 859. The cipher encoder 
861 of the encipherment part 859 enciphers contents 860 or 
scrambles picture and sound signals by means of a key 
including the ID 857. The enciphered contents are sent to the 
recorder/reproducer, where the recording circuit 862 records 
them on the RAM disk 856. 

Next, when this signal is reproduced, the data reproduc- 
tion part 865 demodulates the main data to reproduce the 
enciphered signal, and the cipher decoder 863 decodes the 
reproduced signal. The BCA reproduction part 820 repro- 
duces data containing the ID 857 from the BCA area of the 
ram disk 856. The reproduced data is sent as part of the key 
to the cipher decoder 863. If normally copied, the cipher key 
recorded in the RAM disk is a normal disk ID. The RAM 
disk ID, also, is a normal disk ID. Therefore, the cipher is 
decoded or descrambled to output the plaintext 864 of the ' 1- 
n'th content. For a graphic data, for example, the MPEG 
signal is extended to obtain a picture signal. 

In this case, the disk ID is the key for encipherment. 
Because each disk is unique, it can be copied on only one 
RAM disk. 



1,785 

10 

If a disk ID is copied from a normal RAM disk to another 
RAM disk, ID1 which is the original normal disk ID differs 
from ID2 which is the disk ID of the other, unauthorized, 
RAM disk. If the BCA of the unauthorized RAM disk is 

5 reproduced, ID2 is reproduced. The contents are ciphered 
with ID1, however, so that, even if unlatching is attempted 
with ID2 at the cipher decoder 863, the cipher is not decoded 
because the key differs. Thus, the signal of the illegally 
copied RAM disk is not output, so that the copyright is 

1Q protected. The present invention uses a disk ID system. 
Therefore, by reproducing with any drive the normal RAM 
disk copied normally only once, it is possible to unlatch the 
cipher. The encipherment part 859 may, in place of the 
center, be an IC card with a cipher encoder. 

15 with reference to the block diagram of FIG. 11 and the 
flowchart of FIG. 12, the method of preventing copying will 
be described. At Step 877a, the installation program is 
actuated. At Step 8776, the BCA reproduction part 820 
outputs the ID of the auxiliary data from the laminated 

20 optical disk 801. At Step %lld t the data reproduction part 
865 reproduces the contents and network check software 
870 from the main data. The contents and the ID 857 are 
recorded on the HDD 872. At Step 877c, the ID 857 is 
encoded with a particular secret cipher so as not to be altered 

25 illegally, and is recorded as a soft ID in the HDD 857. Thus, 
the soft ID 873 is recorded together with the contents on the 
HDD 872 of a personal computer 876. Here described is the 
case where the program is started at Step 877/ of FIG. 12. 
When the program is started, the procedure goes to Step 

30 877g, where the soft ID 873 of the HDD 872 is reproduced, 
and the soft ID 873a in the HDD 872a of another personal 
computer 876a on a network 876 is checked through the 
interface 875. At Step 877/t, a check is made to judge if the 
soft ID 873a of the other personal computer and the soft ID 

35 873 are the same number. If so, the procedure goes to Step 
877;', where the start of the program of the personal com- 
puter 876 is stopped or a warning message is displayed on 
the screen. 

If the soft ID 873a of the other personal computer and the 

40 soft ID 873 are different, the contents are not installed in the 
plurality of the computers on the network. It is therefore 
decided that there are no illegal copies. Then the procedure 
goes to Step 877/:, where the start of the program is 
permitted. In this case, the soft ID 873 may be sent to other 

45 personal computers through the network. This personal 
computer can detect illegal installation by checking dupli- 
cation of the soft IDs of the personal computers. If there is 
illegal installation, a warning message is sent to the appro- 
priate personal computer/s. 

50 Thus, by recording the ID in the BCA, and recording the 
network check program in the pit recording area, it is 
possible to prevent multiple installation of the software of 
the same ID on the same network. In this way, simple 
protection from illegal copies is realized. 

55 By, as shown in FIG. 13a, applying a write (writing) layer 
850 of white material, on which characters or the like can be 
written, it is possible to not only print characters and write 
a password or the like with a pen, but also prevent the 
substrates of the optical disk from being damaged because 

60 the write layer 850 thickens. The disk ID 815, which is part 
of the BCA data 849 recorded by trimming in the BCA area 
801a above the write layer 850, is translated into plaintext. 
The plaintext is converted into alphanumeric characters 851. 
By printing the characters 851 and general bar code 852, it 

65 is possible for the store and/or user to confirm and/or check 
the ID with a POS bar code reader and/or visually, without 
reading the BCA with a reproducer. The visible ID is not 
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necessary if the user informs the center of the ID through a is replayed for a predetermined number of days. If a user 

personal computer. If, however, the user communicates the rents a disk, given a password for only part of the software 

ID aurally by telephone to the center, it is possible to inform in the disk, and when he/she wants to view other part of the 

the center of the ID without inserting the disk in a personal software, he/she can replay it by being informed of the 

computer, by printing the ID identical with the BCA ID in 5 password for this part by telephone at Step 951m, and 

visible form on the disk, because the user can visually read entering the password in Step 951/:. A rental video store has 

the ID. With reference to the flowchart of FIG, 13c, the steps been shown as an example. When a piece of enciphered 

for making an optical disk will be explained. At Step 853rf, software for a personal computer is sold at a personal 

disks are molded from an original disk, and substrates in computer software store, the password may be printed by a 

which pits have been recorded are made. At Step 853<>, 10 POS terminal and handed to the buyer, 

aluminum reflection films are made. At Step 853/, two disk The operations of Processes 5 and 6 in FIG. 15 at a selling 

substrates are laminated with an adhesive so that a DVD disk or rental store will be explained in more detail with reference 

or the like is completed. At Step 853g, a label is printed by to FIG. 14. A selling store receives an enciphered and/or 

screen printing on one side of each disk. At this step, the scrambled disk 944/ from the software maker. After the store 

original disk's own identification data is recorded in the 15 confirms its receipt of money from a user, it sends from its 

form of a bar code. At Step 853/i, an ID and/or other bar code recorder 945 the ID number of the disk 944/ and the 

identification information is printed in the format of a bar data on the sub-public key via its POS terminal 946 to the 

code for POS on each disk by an ink jet bar code printer or password issue center 952. For a small-scale system, the 

a thermal-transcription bar code printer or the like. At Step password issue center, that is, the system including the 

853*, the bar code is read by a bar code reader. At Step 853;, 20 sub-secret key of the sub-public key may exist in the POS 

a BCA data corresponding to the identification data is terminal. The password issue center inputs the disk ID 

recorded in the second recording area of the disk. According number and the time data at Step 951^, computes them at 

to this method of manufacturing, the BCA data is recorded Step 951s, enciphers them with the sub-secret key at Step 

after all the steps including the POS bar code and excluding 951/, issues a password at Step 95 lg, and sends it through 

the BCA are finished and then the disk identification data is 25 the network 948 and POS terminal 846 to the BCA bar code 

confirmed. The BCA can be read only by reproducing the recorder 945. Then the recorded disk 944g is handed to the 

disk, but the POS bar code, which is low in density, can be customer. The disk 944g can be replayed as it is. 

read by a commercial bar code reader. The disk ID can be For rental stores and personal computer software stores, 

discriminated at every step in the factory. By recording the ROM disks 944/ the ciphers and/or scrambles of which have 

disk ID in the form of a POS bar code before the BCA 30 not been released are displayed in stores. If a customer 

trimming, it is possible to almost completely prevent the designates a particular ROM disk 944/, the bar code of the 

BCA and the POS bar code from being illegally recorded, reflection layer by the non-reflection part 915 of the disk 

The method of using a BCA will be stated by which 944/ is read, so that the disk ID number is read, by a person 

secondary recording and tertiary recording, too, can be made holding a circular bar code reader 950 with an integrated 

by the BCA method. As shown at Process 2 in FIG. 15, a 35 rotary optical head 953 for spirally scanning, and pressing it 

software maker can also secondarily record a pirated edition on the center of disk 900 in a transparent case. By printing 

prevention mark and a check cipher. At Process 2, disks the commodity bar code of the disk ID as shown at 852 in 

9446 may be made in which different ID numbers and/or FIG. 13, it is possible to read the code with an ordinary POS 

cipher keys for secret communication with users have been terminal bar code reader. Alternatively, the pressed circular 

recorded. It is possible to replay the disks 944c and 944d 40 bar code recorded in advance on the original disk may be 

without entering the passwords. read. These data including the disk ID are processed by the 

For another application, at Process 3, an enciphered or POS terminal 946. The charge is settled by credit card. The 

scrambled MPEG picture signal and/or other data is password issue center issues, at Step 951g, a password 

recorded on a disk 994e. The operation of the MPEG associated with the ID number as stated above. For rental 

scramble will not be explained in detail. At Process 4, the 45 use, a password is made by enciphering the disk ID number 

software company makes a disk 844/ in which a sub-public with date data added as used at Step 951r in order to limit 

key for decoding the ID number and the scramble release the number of days for which the disk can be replayed. For 

data have been BCA-recorded secondarily. It is not possible this password, the disk can operate on only particular days, 

to replay this disk solely. At Process 5, the selling store, after It is therefore possible to set a rental period, which may be 

receiving the money for the disk, makes a password with the 50 tnrce days, for instance, in the password, 

sub-secret key paired with the sub-public key, and records it The thus issued password for descrambling is printed at 

tertiarily on the disk. Alternatively, a receipt on which the Step 951/ together with the date of rent, the date of return 

password has been printed is given to the user. Thereafter, and the rental title charge on the receipt 949, and handed 

the password has been recorded in the disk 844g, so that the with the disk to the customer. The customer takes the disk 

user can replay it. This method prevents a disk not paid for 55 944/ and receipt 949 home. At step 9Slk, the customer enters 

from being replayed normally, even if the disk is shoplifted, the password with the ten-key input part 954 of the first 

because the scramble of the image is not released. As a computer 909 in FIG. 6, so that the password 835 is 

result, shoplifting renders a useless product and thus computed with the ID number 835a and input into the cipher 

decreases. decoder 837. Then, the password is converted into plaintext 

If a password is BCA-recorded permanently in a rental 60 by means of the decoding key. Only if the password is 

video store or another store, a shoplifted disk can be used. correct, will the cipher decoder 837 descramble the program 

In this case, as shown at Process 6, the BCA is read by a POS data and supply image output. 

bar code reader in the store. A password for releasing the In this case, if the password includes time data, the data 

scramble is issued at Step 951g, printed on the receipt at Step is checked with the date data of the clock part 836b. The 

95b\ and handed to the customer at Step 951/. The customer 65 password is descrambled for the coincident dates. The 

enters, at Step 951Jt, the password on the receipt in a player inputted password is stored together with the associated ID 

with numeric keys at his/her house. At Step 951p, the disk number in the nonvolatile memory 755a of the memory 755. 
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Once the user enters the password, it is descrambled without 
being entered again. It is thus possible to lock and unlock the 
disk electronically in distribution. 

With reference to FIG. 16, the method of decoding the 
software of a disk which has been recorded as cipher data 
will be explained in detail 

Step (Process) 865 represents the overall flow of distri- 
bution of cipher data and individual IDs to users. First, at 
Step 865a, a number 'm* of data enciphered with the secret 
first cipher key and a program for decoding the enciphered 
data are recorded in the ROM area of an original disk. At 
Step 8656, substrates are molded from the original disk, and 
then the substrates with reflection films added thereto are 
laminated in pairs to make completed ROM disks. At Step 
865c, the decoding data (the disk identification data different 
for the pressed disks, respectively, and/or the decoding key 
for the cipher data) necessary to decode the enciphered data 
is recorded in the auxiliary recording area (called BCA), 
which cannot be rewritten, of each completed disk by a 
method of modulation different from that for the ROM area. 
At Step 865d, a user replays the distributed disk, selects a 
desired enciphered data *n\ and starts the decoding process. 
At Step 865e, the user's first computer reproduces the 
enciphered data and the decoding program from the ROM 
area, and reads the decoding data from the auxiliary record- 
ing area (BCA). If, at Step 865/, the second decoding data 
is not obtained on-line, then, at Step 871a of FIG. 17, the ID 
and/or other auxiliary decoding data are displayed on the 
screen. At Step 8716, the user obtains the second decoding 
data such as the password associated with the ID, and enters 
it into the first computer. Carried out at Step 871c is a 
particular operation of an open-key cipher function with the 
disk identification data, the second decoding data, and the 
enciphered data V If, at Step 871a", the result is correct, 
then, at Step 871/, the *1- n'th data is translated into 
plaintext, so that the user can make the software of the data 
'n* operate. 

Next, with reference to the flowchart of FIG. 18, the 
method of cryptocommunication essential to the Internet 
and/or the like using a BCA will be described. Step (Process) 
868 is the routine of the method of distributing the commu- 
nication program and cipher key for communication to 
users. First, at Step 868a, at least the communication pro- 
gram and/or connection data are recorded in the ROM area 
of an original disk. At Step 8686, substrates are molded from 
the original disk, and the substrates are laminated in pairs to 
make completed ROM disks. At Step 868c, the disk iden- 
tification data different for the pressed disks, respectively, 
and the cipher key for cryptocommunication are recorded in 
the non-rewritable auxiliary recording area (BCA) of each 
completed disk. According to circumstances, the connection 
address of the second computer and/or the decoding key for 
cryptocommunication is recorded by a method of modula- 
tion different from that for the ROM area. At Step 868d, the 
user's first computer reproduces the communication pro- 
gram and the decoding program from the ROM area, and 
reads the disk identification data and the cipher key for 
communication from the auxiliary recording area. The pro- 
cess continues at FIG. 19. At Step 867a, it is judged if there 
is a connection address in the BCA area. If yes, the second 
computer is accessed, at Step 8676, on the basis of the 
connection address such as the BCA area URL. If there is no 
connection address, the computer of the connection address 
in the ROM area is accessed at Step 867c. At Step 867a*, the 
transmit data is input. At Step 867e, it is judged if there is 
a cipher key for cryptocommunication in the BCA area. If 
so, the transmit data is enciphered, at step 867g, with the 
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cipher key for cryptocommunication in the BCA area to 
make a third cipher. If not, the data is enciphered, at step 
867/, with the cipher key for cryptocommunication in the 
ROM area or HDD to make a third cipher. 

5 In FIG. 20, Step (Process) 869 represents the routine of 
generating a decoding key for the cipher received from the 
second computer 910. First, at Step 869a, the first computer 
judges if a decoding key for communication is necessary. If 
necessary, the process goes to Step 8696, where a check is 

10 made to judge if there is a decoding key for communication 
in the BCA. If there is no decoding key, the process goes to 
Step 869c, where a pair of second cipher key for commu- 
nication and second decoding key for communication is 
generated newly with the program for generating the cipher 

15 key/decoding key reproduced from the ROM area, by the 
user keying or with data from a random number generator 
and the second encoder reproduced from the ROM area. At 
Step 869a*, a fourth cipher is made which is the second 
cipher key for communication and/or the user data enci- 

20 phered with the cipher key for communication recorded in 
the BCA and the encipherment software reproduced from 
the ROM area. At Step 869e, the fourth cipher and the disk 
identification data and/or the user address are sent to the 
second computer of the connection address reproduced from 

25 the disk. The process of the second computer includes Step 
869/, where the fourth cipher, the disk identification data and 
the user address are received. At Step 869g, the decoding 
key for communication paired with the disk identification 
data is selected from the decoding key data base, and the 

30 fourth cipher is decoded with the selected key to obtain the 
plaintext of the second cipher key for communication. At 
Step 869/j, the fifth cipher which is the server data including 
part of the user data and enciphered with the second cipher 
key for communication is sent through the Internet 908 to 

35 the first computer. At Step 869t, the fifth cipher (and disk 
identification data) is (are) received, and decoded with the 
second decoding key for communication and the decoding 
function recorded in the ROM area to obtain the plaintext of 
the server data. In this way, the method of Step 869 in FIG. 

40 20 realizes two-way cryptocommunication between the first 
and second computers. 

In FIG. 21, Step (Process) 870 represents the routine of 
receiving accounting data. If, at Step 870a, the accounting 
data is input, the third cipher key of the public key cipher for 

45 accounting communication is requested from the second 
computer. At Step 8706, the second computer requests the 
third cipher key from the third computer. The third computer 
911 sends the ID and third cipher key to the second 
computer, though the exchange step is omitted. At Step 

50 870c, the second computer receives the ID and third cipher 
key. At Step 870e, the seventh cipher which is the third 
cipher key enciphered with the second cipher key for 
communication and/or the like is sent to the first computer. 
The first computer receives the seventh cipher at Step 870/. 

55 At Step 870g, the received seventh cipher is decoded with 
the second decoding key for communication so as to obtain 
the third cipher key (public key of public key function). At 
Step 870A, the third cipher key is recorded on the HDD 
according to circumstances. This is used for the next trans- 

60 mission. At Step 870i, it is judged if a credit card number, 
a password for settlement and/or other secret accounting 
data are input. At Step 870/, the eighth cipher which is the 
accounting data enciphered with the third cipher key is sent 
via the second computer to the third computer. At Step 870/:, 

65 the second computer receives the eighth cipher and transfers 
it again to the third computer. Only the third computer 912, 
which is, for example, at a banking institution, has the 
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decoding key for the third cipher, so that the second data and the third cipher key (public key of the public key 

computer, which is an electronic store, cannot decode it. At function). At Step 872h, according to the need, the third 

Step 870m, the third computer determines from the cipher cipher key is recorded on the HDD. At Step 872/, it is judged 

key data base the third decoding key associated with the if the accounting data is input. If so, the process goes to Step 

third cipher key by using identification data on the disk 5 872/, where the eleventh cipher which is the accounting data 

and/or the like, and decodes the eighth cipher with the third enciphered with the third cipher key is sent via the second 

decoding key, which is the secret key of the public key computer to the third computer. At Step 872m, the second 

cipher, so as to obtain the plaintext of the accounting data. computer sends the eleventh cipher again to the third com- 

At Step 870n, a check is made to judge from the user's credit P uter - At Ste P 872w, » the tmrd computer determines from the 

data, deposit remains and/or other banking data whether the 10 third ci P her ke y data base > the third ci P he r ke y P aircd with 

money can be received. At Step S70p f the third computer lne identification data on the disk and/or the like, and 

informs the second computer of the result of the search. The decodes the eleventh cipher to obtain the plaintext of the 

second computer, which is an electronic store, judges at Step accounting data. At Step 872k, the possibility that the money 

870? if the money can be received. If not, the process goes can be received from the user is checked. At Step 872p, the 

to Step 870r, where the article and/or the key for decoding 15 result of lhe is sent to the second computer. At Step 

the cipher software is not sent. If the money can be received, 872 ?> tne second computer checks to judge if the money can 

for a key provision system as shown in FIG. 16, the process be received from the user. If so, for a key provision system 

goes to Step 8705, where the cipher software decoding key, as shown in FIG. 16, the process goes to Step 872y, where 

that is, the article is sent via Internet 908 to the user's second the cipher software decoding key, that is, an article is sent 

computer. At Step 870/, the first computer receives the 20 v i a the Internet to the user's second computer. At Step 872/, 

cipher software decoding key. At Step 870w, the cipher of the the computer receives the cipher software decoding key. 

'1- n'th enciphered software is released. At Step 870w>, the At Ste P 872m > tne ci P her of the <x * n ' lh enciphered software 

plaintext of the software is obtained, In this way, a content is released. At Step 872h>, the plaintext of the software is 

key provision system is realized. obtained. In this way, a content key provision system is 

The method of Step 870 in FIG. 21 requests the third 2 5 realized 

computer, that is, a banking institution to issue according to Th e rnerit of the effect of the method of Step 872 in FIG. 

the need a public key for the third cipher key, which needs 22 k that, because both the cipher key and the decoding key 

high security for accounting data. It is not necessary to are recorded in the BCA area, it is not necessary to transmit 

record the public key in the BCA in advance. It is therefore the decoding key and/or the cipher key necessary for recep- 

possible to use for the third cipher key a stronger RSA 30 tion from the second computer. The maximum BCA capacity 

system cipher key of 256 bytes of RSA2048 without con- is 188 bytes. A P ublic ke Y and/or another cipher function 

suming the BCA capacity. Further, because there is no need needs onl y 128 bvtes * and can therefore be recorded. Further, 

for recording in the BCAs of all disks in advance, the total it is possible to bidirectionally encipher the grade in 

of the issued third cipher keys decreases, and the computer RSA512. Because seven or eight elliptic functions can, as 

CPU time taken to compute the third cipher keys decreases. 35 shown in FIG. 7, be stored, elliptic functions are more 

In addition, because the third ciphers do not exist in the effective. 

BCAs, they are not opened, so that the security is improved. With reference to FIG. 23, the operation and effect in a 

In this case, the role of the BCA is, as shown in FIGS. 19 and case where the first and third cipher keys have been recorded 

20, to record the identification data of a secret communica- in the BCA in advance will be explained. Because Steps 

tion disk by means of the cipher key of the RSA1024 grade. 40 8 ?2a through 872w in FIG. 22 are nearly identical with 

Only one BCA disk realizes cryptocommunication with the Steps 873a through 873w in FIG. 23, only the different steps 

second computer, so that the effect is high. will be explained. 

With reference to FIG. 22, Step (Process) 872 of crypto- The third cipher key for protecting the security for 

communication in a case where the cipher key and the accounting data and/or other banking data has been recorded 

decoding key both for communication have been recorded in 45 in the BCA. Therefore, at Step 873e, the second and third 

the BCA will be described. At Step 872g, the first computer computers do not need to generate and send the third cipher 

909 sends to the second computer 910 the ninth cipher which key. At Steps 873e, 873/ and 873g, the twelfth cipher is sent 

is the user data enciphered with the cipher key for commu- and received. At Step 873;, the third cipher key is read from 

nication reproduced from the BCA, the basic identification the BCA area, and the user's accounting data is sent via the 

data recorded in the ROM area when the original disk was 50 second computer to the third computer. The method of FIG. 

made, and the disk identification data recorded in the BCA 23 does not need the third cipher key generated, sent and 

area. At Step 8726, the second computer receives the ninth received at all, so that the procedure is simple, 

cipher, the disk identification data and the basic identifica- In the case of electronic settlement systems, in general, 

tion data. At Step 872c, the decoding key for communication there are a plurality of accounting centers representative of 

paired with the disk identification data from the decoding 55 credit companies. Therefore, naturally, there is a need for a 

key data base is retrieved, and the ninth cipher is decoded to plurality of third cipher keys, which are public keys. As 

obtain the plaintext of the user data. At Step 872e, the second explained with reference to FIG. lb, there is a need for an 

cipher key associated with the disk identification data is RSA1024 grade or more, that is, 128 bytes or more if an 

selected from the cipher key data base. In addition, the RSA cipher function is used. The third cipher key 8176 can 

second computer sends to the first computer the tenth cipher 60 therefore enter only one place of 188 bytes of the BCA. 

which is the server data enciphered with this second cipher However, elliptic-function cipher keys (elliptic ciphers) 

and the third cipher key received from the third computer by which have appeared in recent years give, with small 

the procedure described in FIG. 21 and enciphered with the capacity, security equivalent to that of RSA. In recent years, 

second cipher. The first computer receives the tenth cipher at RSA function RSA1024 has been the lowest standard of 

Step 872/. At Step 872g, the received seventh cipher is 65 banking data security. While an RSA function needs 128 

decoded with the second decoding key for communication bytes, it is said that an elliptic cipher needs only about 20 

recorded in the BCA, to obtain the plaintext of the server through 22 bytes for equivalent security. Therefore, as 
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shown in FIG. 7c, it is possible to store in the BCA seven, 
eight or fewer third ciphers which deal with banking data. 
The use of elliptic functions realizes a BCA-application 
electronic settlement system which can deal with a plurality 
of essential banking centers. Explanation has been made, 
concentrated on the third cipher, but even if an elliptic cipher 
is used for the public key for the first cipher key, its effect 
is similar because high security is kept in relation to a 
plurality of electronic stores. 

With reference to FIG. 24, the RAM disk recorder/ 
reproducer with a BCA explained with reference to FIG. 10 
will be described in more detail. As an embodiment, the 
procedure for recording in a RAM disk in a so-called 
pay-per-view system will be described. First, with its pro- 
gram transmitter 883, a CATV company or another software 
company enciphers movie software or other contents 880 by 
using the first cipher key 882 in the first encoder to generate 
a first cipher 900, and sends this cipher to a decoder 886 such 
as each user's CATV decoder. If the decoder 886 sends a 
request for a particular program through a network in a key 
issue center 884, the center sends the first decoding data 
885a to the first decoding part 887 of the first decoder 886. 
The first decoding data 885a is a particular piece of software 
such as the scramble release key for the particular decoder 
system ID number and particular timing data 903, and 
includes a recording permission card 901 for a RAM disk. 
The first decoding part 887 decodes the first cipher 900 with 
the system ID 888 and first decoding data 885a. In the case 
of a picture signal, the signal descr ambled once and 
scrambled further with another cipher to protect the signal 
from being copied is output from the third cipher output part 
889. The picture can be viewed and listened to on a general 
TV 899, though the original signal is guarded from being 
copies. If the recording permission code 901a is NO, it is not 
possible to record in a RAM disk 894. If OK, however, it is 
possible to record in only one RAM disk 894. This method 
will be explained. 

In the decoder 886, an IC card 902 is inserted, and the 
BCA reproduction part 895 reads the BCA of the RAM disk 
894 in a RAM recorder. Then the disk ID 905 is sent to the 
IC card 902. The IC card 902 checks the recording permis- 
sion code 901a and the present time data 904 obtained from 
the disk IC 905 and the decoder 886, and makes a two-way 
hand-shake type copy check 907 with the third cipher output 
part 889. If the recording permission code and copy checks 
are OK, the second auxiliary encoder 891 in the IC card 902 
issues a second cipher key 906. The second encoder 890 
enciphers the third cipher again to generate a second cipher, 
which is the contents 880 enciphered with the disk ID of a 
particular disk. The second cipher is sent to the RAM 
recorder 892, where it is 8-15 or 8-16 modulated by the first 
modulation part in the recording means 893. The second 
cipher 912 is recorded in the first recording area 894a of the 
RAM disk 894 by means of a laser. In this way, the data of 
the RAM disk 894 is enciphered with the particular disk ID 
number. 

When the reproduction signals in this disk are 8-16 
demodulated by the first modulation 896a using a normal 
reproduction means 896, the second cipher of the contents is 
output. The second decoder 897 has second decoding keys 
898a, 8986 and 898c, which correspond to the cipher keys 
of the IC cards different for CATV stations or other program 
supply companies, respectively. In this case, the decoding 
key identification data of the decoder 868 or IC card 886 has 
been recorded in the first recording area 894a. The repro- 
ducer reads the decoding key identification data 913 from 
the first recording area 894a. The decoding key selection 



20 



25 



means 914 automatically selects out of the decoding keys 
898a through 898z the second decoding key 898a corre- 
sponding to each cipher key. With the disk ID 905a as a key, 
the second decoder 897 decodes the second cipher. An IC 
5 card having a particular decoding key might be used. In the 
case of an image, it is possible to obtain a normal image 
descrambled at a TV 899a. 

In the system of FIG. 24, a disk ID 905 is sent to the IC 
card inserted into the decoder in each user's home to 

10 encipher picture image data and/or the like. It is therefore 
not necessary for the software company 883 to individually 
change the cipher of the contents for distribution to users. 
Consequently, when broadcasting scrambled pay-per-view 
images to a great number of viewers as is the case with 

15 satellite broadcasting and CATV, it is possible to permit 
recording in only one RAM disk per user. 

If, at the same time when recording is made in a disk in 
the system of FIG. 24, an attempt is made to illegally copy, 
that is, record in a second disk, that is, a RAM disk of 
another disk ID, it is not possible to alter the disk ID because 
two-layer disks are used for BCAs. Therefore, unauthorized 
copying in the second disk at the same time is prevented. It 
can be considered that during another time period, a simu- 
lated or dummy recording permission code 901a and/or a 
third cipher is sent to the decoder and/or IC card and data is 
recorded in a RAM disk of another disk ID. Even against 
such unauthorized practice, the decoder time data control 
part 902 in the IC card compares the time of the timing data 
3Q 903 of the key issue center 884 and/or the time of the time 
data of the contents and the present time of the time data part 
904a in the decoder to judge if they coincide. If so (OK), the 
IC card 902 permits the encipherment of the second cipher 
computing unit 990. 
35 In this case, a hand-shake type time check method might 
be used which makes the second encoder 890 and first 
decoder 887 exchange check data bidirectionally. 

In the case of the hand-shake type, the second cipher 
computing unit 890 including the IC card, the first decoding 
40 part 887, and the third cipher part 889 confirm the cipher 
data bidirectionally. This prevents the unauthorized copying 
during the other time periods outside the time when the 
contents are sent. 

In this way, in each user's decoder 886, the software 
45 company's contents are recorded in only one RAM disk 894 
for each particular disk ID. This disk can be reproduced by 
any RAM disk reproducer. Even in the case of recording in 
a RAM disk by the method of FIG. 24, the software 
company's copyright is protected. Althoughthe encipher- 
50 ment and decoding have been explained with reference to 
the cipher encoders and cipher decoders, respectively, in the 
detailed description of the drawings, the cipher algorithm 
and the decoding algorithm are practically used with pro- 
grams in a CPU. 

55 

INDUSTRIAL APPLICABILITY 

By thus recording in advance the cipher key and/or the 
decoding key for an ID and/or a cipher in the BCA area of 

60 an optical disk, it is possible to release the cipher of 
enciphered contents by a simpler procedure. In addition, the 
secrecy of communication is realized without a conventional 
procedure for registration. By storing a network check 
program in contents, it is possible to prevent pieces of 

65 software of the same ID on the same network being 
installed. Thus, there are various effects on the improvement 
of security. 
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REFERENCE MATERIALS 


801 


disk with a BCA 


802 


fixed key 


803 


cipher encoder or scrambler 


804 


recording means 


805 


contents 


806 


ID 


807 


trimming unit 


808: 


i: molding machine 


8081 


r. reflecting film making machine 


808< 


;: bonding machine 


809 


completed disk 


809a: single-sided disk 


809b: single-sided disk 


811 


press field 


813 


fixed key 


814 


D\-j\ area 




disk ID 


816 


first cipher key (secret key) 


817 


second cipher key (secret key) 


818 


connection address 


£1 0 


reproducing unit 


820 


BCA reproducing section 


ST) 1 


password issue center 


822 


communication section 


823 


network 


824 


cipher key DB 


BZ3 


first decoding key 


826 


contents number 


827 


first cipher decoder 


828 


accounting center 


829 


second decoding key 


830 


accounting data 


831 


second cipher encoder 


832 


second cipher decoder 


833 


timing data 


834 


password producing section 


835 


password 


836 


personal computer 


837 


third decoding key 


838 


common key 


839 


third cipher key 


840 


third cipher encoder 


841 


third cipher decoder 


842 


main cipher encoder 


843 


main cipher decoder 


844 


main decoding key 


845 


first cipher decoder 


846 


cipher encoder 


847 


cipher decoder 


849 


BCA data 


850 


writing layer 


851 


character 


852 


general bar code 


853 


decoder 


860 


second cipher encoder 


861 


second cipher decoder 


862 


data reproducing section 


863 


ROM area 


864 


additional recording area 


865 


decoding flowchart 


890 


second cipher computing unit 


894a: first recording area 


908 


Internet 


909 


first computer 


910 


second computer 


911 


third computer 


912 


second cipher 


913 


decoding key identifying data 


914 


decoding key selecting means 
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-continued 


REFERENCE MATERIALS 


915 


first slice level 


916 


second slice level 


917 


PE-RZ modulator 


918 


transparent substrate 


919 


first recording area 


920 


second recording area 


921 


disk ID 


922 


BCA flag 


923 


CPU 


924 


control data 


925 


EFM demodulation 


926 


8-15 modulation-demodulation 


927 


8-16 modulation -demodulation 


928 


first demodulating section 


930 


second demodulating section 


931 


connection address 



What is claimed is: 

1. An information recording device for recording infor- 
mation on an optical disk comprising a first recording area 
and a second recording area, said device comprising: 

means for recording information using a first modulation 
method into a first recording area of such an optical 
disk; 

means for reading disk identification information 
recorded by a second modulation method in a second 
recording area of such an optical disk; 

means for encrypting information using a cipher key and 
any one such optical disk's unique identification 
information, into encrypted information unique to that 
one optical disk; and 

wherein said means for recording is capable of recording 
encrypted information unique to an optical disk in said 
first recording area of said optical disk. 

2. The information recording device of claim 1, wherein 
said means for recording information uses 8-16 modulation 
as said first modulation means. 

3. The information recording device of claim 1, wherein 
the means for reading disk identification information 
includes means for demodulating information modulated 
using phase method encoded (PE) modulation as said second 
modulation method. 

4. The information recording device of claim 1, wherein 
said recording means records information using 8-16 modu- 
lation as said first modulation method, and said reading 
means demodulates information modulated using phase 
encoded (PE) modulation as said second modulation 
method. 

5. The information recording device of claim 1, wherein 
said disk identification information recorded in said record- 
ing area of an optical disk comprises circumferentially 
arranged multiple stripe patterns each stripe of which 
extends along a radius of the disk. 
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